Brian Lloyd wrote:
Here's a quick thing to try- if 'subject' is an attribute of your Article class, try adding:
class Article(...): subject__roles__=None
then restart and see if you still get unauthorized...
yup, I do :-( And besides, 'subject' is already in __ac_permissions__, as you can see: (a lot of stuff snipped out though ;-) __ac_permissions__ = ( ('View', ['subject','getThread'], ('Anonymous', 'Manager')), ) and I do appropriate Globals.default__class_init__'s... Man, I really have no idea, and not even any clue where to look. The big factor seems to be that 'subject' is a string. I had a similar problem with the SquishFile class with the 'icon' attribute. When it was a string: # protected by 'View' permission icon = 'misc_/Squishdot/squishfile_img' ...even though it was a class variable and protected in __ac_permissions__, I was getting very similar errors to the above... I was lucky, in that case, because it was a class variable, I could turn it into a method: # protected by 'View' permission def icon(self): return 'misc_/Squishdot/squishfile_img' ...and, lo and behold, no more security errors from there... :S Unfortunately, the string attributes in the Article class are instance attributes, not class attributes, so I can't do the same thing :-( Any ideas? cheers, Chris